Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##################################################
- ## Nemesida WAF settings
- ##################################################
- ##
- # License key and signature database
- ##
- nwaf_license_key none;
- nwaf_rules /etc/nginx/nwaf/rules.bin;
- ##
- # Nemesida WAF activation for virtual host
- ##
- nwaf_host_enable *;
- # nwaf_host_enable example.com, example.org;
- # nwaf_host_enable .example.com;
- # nwaf_host_enable *.example.com;
- ##
- # Ban settings
- ##
- nwaf_limit rate=5r/m block_time=600;
- # nwaf_limit rate=5r/m block_time=0 domain=example.com;
- ##
- # API and proxy settings
- ##
- nwaf_api_conf host=http://nwaf-api.xxx.ru:8081 api_proxy=none sys_proxy=none;
- ##
- # MLA settings
- ##
- nwaf_mla 127.0.0.1:5101 mla_score:2;
- # nwaf_mla_host_lm *;
- # nwaf_mla_host_lm example.com, example.org;
- # nwaf_mla_host_lm .example.com;
- # nwaf_mla_host_lm *.example.com;
- ##
- # MLC settings
- ##
- # nwaf_rmq_host_exclude *;
- # nwaf_rmq_host_exclude example.com, example.org;
- # nwaf_rmq_host_exclude .example.com;
- # nwaf_rmq_host_exclude *.example.com;
- # nwaf_ai_extra_host_lm *;
- # nwaf_ai_extra_host_lm example.com, example.org;
- # nwaf_ai_extra_host_lm .example.com;
- # nwaf_ai_extra_host_lm *.example.com;
- # nwaf_ai_extra_host_wl *;
- # nwaf_ai_extra_host_wl example.com, example.org;
- # nwaf_ai_extra_host_wl .example.com;
- # nwaf_ai_extra_host_wl *.example.com;
- ##
- # RabbitMQ and AI extra global settings
- ##
- nwaf_rmq host=127.0.0.1 user=guest password=guest ai_extra=on;
- ##
- # ClamAV settings
- ##
- # nwaf_clamav 127.0.0.1:3310;
- # nwaf_clamav 127.0.0.1:3310 FILE_ONLY;
- ##
- # Enable logging for all matched rules
- ##
- # nwaf_log_mr_all;
- # nwaf_log_mr_all domain=example.com;
- # nwaf_log_mr_all domain=.example.com;
- # nwaf_log_mr_all domain=*.example.com;
- ##
- # Global WL/LM policy
- ##
- ## Add client's IP to the whitelist
- # nwaf_ip_wl x.x.x.x;
- # nwaf_ip_wl x.x.x.x domain=example.com;
- # nwaf_ip_wl x.x.x.x domain=.example.com;
- # nwaf_ip_wl x.x.x.x domain=*.example.com;
- ## Add client's IP to the LM mode (like an IDS mode)
- # nwaf_ip_lm x.x.x.x;
- # nwaf_ip_lm x.x.x.x domain=example.com;
- # nwaf_ip_lm x.x.x.x domain=.example.com;
- # nwaf_ip_lm x.x.x.x domain=*.example.com;
- ## Switch off the Nemesida WAF
- # nwaf_host_wl *;
- # nwaf_host_wl example.com, example.org;
- # nwaf_host_wl .example.com;
- # nwaf_host_wl *.example.com;
- ## Add vhosts to the LM mode (like an IDS mode)
- # nwaf_host_lm *;
- # nwaf_host_lm example.com, example.org;
- # nwaf_host_lm .example.com;
- # nwaf_host_lm *.example.com;
- ## Add file's hash to ClamAV whitelist
- # nwaf_clamav_wl FILE-MD5-HASH;
- ##
- # Exclude request body processing for PUT method
- ##
- # nwaf_put_body_exclude *;
- # nwaf_put_body_exclude example.com, example.org;
- # nwaf_put_body_exclude .example.com;
- # nwaf_put_body_exclude *.example.com;
Add Comment
Please, Sign In to add comment